Compare commits

..

No commits in common. "05571ceb346d29e11ff388abec1cde7bcc6a6a95" and "e0e79297415be6c4d85f1d9fce7905ad0ed4a609" have entirely different histories.

9 changed files with 47 additions and 156 deletions

View File

@ -189,35 +189,6 @@ services:
parallelism: 1 parallelism: 1
order: start-first order: start-first
keycloak:
image: quay.io/keycloak/keycloak
ports:
- "8443:3000"
environment:
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://0.0.0.0:5432/keycloak
KC_DB_USERNAME: postgres
KC_DB_PASSWORD: $DB_PASSWORD_PROD
KC_HOSTNAME: keycloak.sprinthub.ru
JAVA_OPTS_KC_HEAP: "-XX:MaxHeapFreeRatio=50 -XX:MaxRAMPercentage=65"
command: start
deploy:
mode: replicated
placement:
constraints: [node.labels.stage == production]
restart_policy:
condition: any
update_config:
parallelism: 1
order: start-first
resources:
limits:
cpus: '1.0'
memory: 250M
reservations:
cpus: '0.50'
memory: 125M
volumes: volumes:
minio_data: minio_data:
driver: local driver: local

View File

@ -1,29 +0,0 @@
version: "3.6"
services:
nginx:
image: mathwave/sprint-repo:sprint-infra-nginx-dev
networks:
- common-infra-nginx-development
ports:
- published: 80
target: 80
mode: host
- published: 443
target: 443
mode: host
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
placement:
constraints: [node.labels.stage == development]
update_config:
parallelism: 1
# order: stop-first
networks:
common-infra-nginx-development:
external: true

View File

@ -1,29 +0,0 @@
version: "3.6"
services:
nginx:
image: mathwave/sprint-repo:sprint-infra-nginx-prod
networks:
- common-infra-nginx
ports:
- published: 80
target: 80
mode: host
- published: 443
target: 443
mode: host
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
placement:
constraints: [node.labels.stage == production]
update_config:
parallelism: 1
# order: start-first
networks:
common-infra-nginx:
external: true

View File

@ -1,7 +1,4 @@
FROM nginx FROM nginx
RUN apt-get update
RUN apt-get install certbot --yes
RUN apt-get install python3-certbot-nginx --yes
COPY ./config /etc/nginx COPY ./config /etc/nginx
COPY ./privkey.pem /etc/nginx/privkey.pem COPY ./privkey.pem /etc/nginx/privkey.pem
COPY ./fullchain.pem /etc/nginx/fullchain.pem COPY ./fullchain.pem /etc/nginx/fullchain.pem

View File

@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDmTCCAx+gAwIBAgISBmM6pAg0qa3+cxLar5nvn27GMAoGCCqGSM49BAMDMDIx MIIDjTCCAxOgAwIBAgISBFOrEAaTGvrTDKdeolnTvP2tMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NTAeFw0yNTA1MzAyMTEzMjZaFw0yNTA4MjgyMTEzMjVaMCExHzAdBgNVBAMMFiou NTAeFw0yNTAyMTMyMDMxMTNaFw0yNTA1MTQyMDMxMTJaMCExHzAdBgNVBAMMFiou
ZGV2ZWxvcC5zcHJpbnRodWIucnUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATy ZGV2ZWxvcC5zcHJpbnRodWIucnUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQW
YXxx4cfN6ga0duaq7STjZxNwtFQ7c0ZAO+D7ulmdf/jpK8Xfkj5d0KMX0jhTmTEg CTHej6yeHgUhHJlGrI3/8cFlPdoVWeb4J+5DOaEKhpdeL90JWNMVIrbz4yaa9LTi
DUwvBMsH/fpyuuEdHNPWo4ICJDCCAiAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQW Yezrr5pXocvdS9fBT/zHo4ICGDCCAhQwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT1 MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRY
FLWsp0ksteuVXXd3pZokXOhj2DAfBgNVHSMEGDAWgBSfK1/PPCFPnQS37SssxMZw 7KU/E/kLjq27+Bsr5myR/sry4TAfBgNVHSMEGDAWgBSfK1/PPCFPnQS37SssxMZw
i9LXDTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNS5pLmxl i9LXDTBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNS5vLmxl
bmNyLm9yZy8wIQYDVR0RBBowGIIWKi5kZXZlbG9wLnNwcmludGh1Yi5ydTATBgNV bmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U1LmkubGVuY3Iub3JnLzAhBgNV
HSAEDDAKMAgGBmeBDAECATAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8vZTUuYy5s HREEGjAYghYqLmRldmVsb3Auc3ByaW50aHViLnJ1MBMGA1UdIAQMMAowCAYGZ4EM
ZW5jci5vcmcvNzEuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAEvFONL1T AQIBMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAzPsPaoVxCWX+lZtTzumyfCLp
ckyEBhnDjz96E/jntWKHiJxtMAWE6+WGJjoAAAGXI0B2OwAABAMARzBFAiBcMmQQ hVwNl422qX5UwP5MDbAAAAGVATe42wAABAMARzBFAiAvPfNaVjzr1bjZLfQuZku5
PiKhuqhi3fs4yL6lfnQdZ1VlJTBifu8T6t4H3QIhAL/BdDUOafC+9nrlP7USrlCT 1raR2QS3oPhfFcYfsKzPAgIhAJ6E1t/yKiuc3JScuUl26S4+s2noeAGhmIxB/uk+
Oo1TA5JG/Yvxk5a/Oe1yAHYA7TxL1ugGwqSiAFfbyyTiOAHfUS/txIbFcA8g3bc+ 9KCMAHYATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGVATe4xwAA
P+AAAAGXI0CF1gAABAMARzBFAiAHI0Z170KObyMHOQM6w/GhsazTzUpBilyQnv/b BAMARzBFAiASyvhckbFMsgtb7FGbF2nl0KAboDqiJK9ekpHLu41YSQIhANJjOl3+
Wr+kdwIhALS4DQNUNfiJoea0wszwoTxcnowGI7Whx8qH4Ut6st88MAoGCCqGSM49 HHBPrLR2oMi3vE1jkJxhFYNeoQzxGGeKVstpMAoGCCqGSM49BAMDA2gAMGUCMQC2
BAMDA2gAMGUCMGdO7CfUNB8wcMaHtED7/dy2ojOtofMze0kN0rzt2I/On55Ce84K 4UIBvoCAl54QjeXlpadTbL5hE2bsh1bEF3XNtaIsVVlBFQZwly2fp2Qil9m34BcC
ZJ0Uj+Bcv/66qwIxAJ9YJTSJ1+owoICDbJekE+ejgzA+GgU2Z+RviZUTNXIdbWbX MEF4eFmSQmAjc++mRA9m4qo4P5KeeakU1ccrWEypfIHnLn/UtQlG8K2+ceAQc/9K
etMXbXfP7WJPjxZ+ng== pg==
-----END CERTIFICATE----- -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
@ -45,4 +45,4 @@ K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
VQD9F6Na/+zmXCc= VQD9F6Na/+zmXCc=
-----END CERTIFICATE----- -----END CERTIFICATE-----

View File

@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY----- -----BEGIN EC PRIVATE KEY-----
MHcCAQEEIPtfut2MheT8iyX6/EXDHHDR9yvtYLxMUg34mLeCpngpoAoGCCqGSM49 MHcCAQEEIPXF013iLs5Jvxsj7K8xdzqyUBQxFILJ3dEyTriIJQaDoAoGCCqGSM49
AwEHoUQDQgAE8mF8ceHHzeoGtHbmqu0k42cTcLRUO3NGQDvg+7pZnX/46SvF35I+ AwEHoUQDQgAEFgkx3o+snh4FIRyZRqyN//HBZT3aFVnm+CfuQzmhCoaXXi/dCVjT
XdCjF9I4U5kxIA1MLwTLB/36crrhHRzT1g== FSK28+MmmvS04mHs66+aV6HL3UvXwU/8xw==
-----END EC PRIVATE KEY----- -----END EC PRIVATE KEY-----

View File

@ -1,23 +1,23 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDhzCCAw6gAwIBAgISBXELtGOqEI5IsXNFUC7cue03MAoGCCqGSM49BAMDMDIx MIIDfDCCAwKgAwIBAgISA7RNvbxsQFQcAVy4rIt/qik2MAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NTAeFw0yNTA1MzAyMTQ3MzZaFw0yNTA4MjgyMTQ3MzVaMBkxFzAVBgNVBAMMDiou NTAeFw0yNTAyMTMyMTAzMzdaFw0yNTA1MTQyMTAzMzZaMBkxFzAVBgNVBAMMDiou
c3ByaW50aHViLnJ1MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoS3M+thgeup/ c3ByaW50aHViLnJ1MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnOOljp3cFclh
F6JS7kVNJCWee8xzLkoIUcZNgNqmoovVSP02K9azdDRAp+c2OlzJqJQC+ZefswCB repAoo/OTovyU5RVDTKNc7p01odoygI5z4ZsIiiZL0lQ8Qfvj1fVlVtah9LPuz5c
2xvjNSoL2aOCAhswggIXMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEF hLMNK2KoLaOCAg8wggILMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUu+3qfzUyaCAb BQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUEvxI9gbpB3pH
POu7GPUO6ZI2WfswHwYDVR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0wMgYI nRkSwmBUDxbqiZMwHwYDVR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0wVQYI
KwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAChhZodHRwOi8vZTUuaS5sZW5jci5vcmcv KwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vZTUuby5sZW5jci5vcmcw
MBkGA1UdEQQSMBCCDiouc3ByaW50aHViLnJ1MBMGA1UdIAQMMAowCAYGZ4EMAQIB IgYIKwYBBQUHMAKGFmh0dHA6Ly9lNS5pLmxlbmNyLm9yZy8wGQYDVR0RBBIwEIIO
MC0GA1UdHwQmMCQwIqAgoB6GHGh0dHA6Ly9lNS5jLmxlbmNyLm9yZy81Ni5jcmww Ki5zcHJpbnRodWIucnUwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEDBgorBgEEAdZ5
ggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgDd3Mo0ldfhFgXnlTL6x5/4PRxQ39sA AgQCBIH0BIHxAO8AdQDehYHXUCR8a83Lr1Y3xeeBxkzkbtYXY5+PNKcmyeK9NwAA
OhQSdgosrLvIKgAAAZcjX78RAAAEAwBHMEUCIDNC6e7jNcTXW1bti1nkseruXw84 AZUBVWFvAAAEAwBGMEQCIG/0w/LD2GbEa6OPYUzrQyQFbHvlCQHI8fZ9poUQ/79o
b8dsVzBt96FtE4+aAiEAr7ugvtozhmp6JdkIEfdHKecym9TxcL1h43j6rbKU3d8A AiAQnczLXxcowqIYF+K5ppeDdVJjs9YfAX0l+7MlNiExOAB2ABNK3xq1mEIJeAxv
dQAaBP9J0FQdQK/2oMO/8djEZy9O7O4jQGiYaxdALtyJfQAAAZcjX8BoAAAEAwBG 70x6kaQWtyNJzlhXat+u2qfCq+AiAAABlQFVYjEAAAQDAEcwRQIgSlaJ8jTrR4cb
MEQCIDezeAIFZ25OWXVV9hmtzEE5ujP0IyFaLxebyXAflYZMAiAy09hFLQXapebE E65bZZcqufKCDTsUIrasTjgB5wPR/CUCIQDKoTiZvY2J+CUOazRAMCLuKknvnlWb
5YDtvqfmefapEsr4OaWyfusWjmeaiDAKBggqhkjOPQQDAwNnADBkAjAobO18Vk18 15C9fsy1e5ZhXTAKBggqhkjOPQQDAwNoADBlAjEAh8H95ADLd8IXWPk2OG94VQ35
BG7lBbXEQ0O8RYy+CEV/ef1ni2CBQp+MtmG/ZCWAbfEXFaj2WKng5Q0CMFRR9icx ukNHsIreck5DHo/0HxKBuD+mjp8SG/vEJ0UB/65iAjBywTkv3JeaLV1SX+QUUUiF
p6/tLUixnJfAusGudEtD5Leh2foPDT2jzgazaROaVFVTrCJMGcdgVukuPQ== 5aNTztnM6d3vHalb+pJJ0LtO32c1iY7pQ47wqXk8fbs=
-----END CERTIFICATE----- -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
@ -44,4 +44,4 @@ K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
VQD9F6Na/+zmXCc= VQD9F6Na/+zmXCc=
-----END CERTIFICATE----- -----END CERTIFICATE-----

View File

@ -164,25 +164,6 @@ http {
} }
} }
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name keycloak.sprinthub.ru;
ssl_certificate /etc/nginx/fullchain.pem;
ssl_certificate_key /etc/nginx/privkey.pem;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-refferer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
location / {
proxy_pass http://dev.sprinthub.ru:8443/;
}
}
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;

View File

@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY----- -----BEGIN EC PRIVATE KEY-----
MHcCAQEEIL0TAduonJLmbcDpRxDjSfa8bMIqLOh1KQcGQvAeQTIQoAoGCCqGSM49 MHcCAQEEINNyhRc5/bs0M7kOOl2bh1BkcFyHG6m0+VSVNuMEN+E1oAoGCCqGSM49
AwEHoUQDQgAEoS3M+thgeup/F6JS7kVNJCWee8xzLkoIUcZNgNqmoovVSP02K9az AwEHoUQDQgAEnOOljp3cFclhrepAoo/OTovyU5RVDTKNc7p01odoygI5z4ZsIiiZ
dDRAp+c2OlzJqJQC+ZefswCB2xvjNSoL2Q== L0lQ8Qfvj1fVlVtah9LPuz5chLMNK2KoLQ==
-----END EC PRIVATE KEY----- -----END EC PRIVATE KEY-----